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Informal Communication 

To : Examiner Virginia Ho 

Fax: 571-270-8309 

From: Andrew Lee (Reg. No. 60,371), 650-324-635 1 

Townsend and Townsend and Crew LLP 

Date: February 12, 2010 

Re: Application No. 10/668,455 filed September 23, 2003 

Agenda for Interview scheduled for February 16, 2010 at 2:30PM EST 

Examiner Ho: 

Please find below an outline of the points I propose to discuss in an interview for the above 
referenced application. 

I, Section 103 Rejection of Independent Claim 1 
A. Proposed amendments to claim 1 

1. (Currently Amended) A method comprising: 

identifying, by a network device, a first port of the network device as a 
management port, the first port having a gateway address; 

identifying, by the network device, a second port of the network device as a non- 
management port; and 

filtering, by the network device, m anagem e nt data pack e ts r e c e iv e d on the 
socond - p art a data packet received on the second port if a destination IP address of the_4ata_packet 
corresponds to the gatewaY_address.of_the first port and if the data packet utilizes a management 
protocol . 

1 . Support for these amendments can be found in the Specification at, for 
example, FIG. 3 and page 9, line 30 to page 10, line 15. 
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To: Examiner Virginia Ho February 12, 201 0 

Fax: 571-270-8309 Page 2 

From: Andrew Lee (Reg. No. 60,371), 650-324- 
6351 



B. Distinguishing features of amended claim 1 over the cited art 

1 . Chrysanthakopoulos and Haviland fail to teach or suggest "filtering, by 
the network device, a data packet received on the second port if a 
destination TP address of the data packet correspondsJoJhe_gatewav 
address of the firs.t_p.ort . . ." as recited in claim 1. (Emphasis added). No 
disclosure pertaining to this particular feature could be found in either of 
these references. 

2. In rejecting dependent claim 2, the Office Action asserts that Blewett 
teaches the concept of "determining if a destination IP address for a data 
packet received on the second port corresponds to the gateway address of 
the first port." (Office Action: pg. 1 1). 

a) Applicants respectfully disagree. First, Applicants submit that the 
general notion of a rule table for accepting/dropping packets (as 
described in Blewett) does not teach or suggest the specific 
concept of filtering a data packet receiyed_on a one portofa 
networkj3eyi.ce (e.g., the recited second port of claim 1) if the 
destination IP address of the data packet corresponds to a gateway 
address of another port on the same network device (e.g., the 
recited first port of claim 1). For example, as best understood, 
nowhere does the- cited section of Blewett specifically indicate that 
a packet received on one port of the security gateway will be 
dropped if the destination IP address of the packet matches the 
gateway address of another port on the same security gateway. 

b) Second, there is no rationale for modifying Chrysanthakopoulos 
with Blewett (or any other reference) to teach "filtering. , . a data 
packet received on the second port if a destination IP address of the 
data packet corresponds to the gateway address of the first port. . ." 
as recited in claim 1. 
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(1) In Chrysanthakopaulos, the determination of whether to 

process or drop a management command is based solely_on 
the identity of the device port on which the command is 
received : other information, such as intended destination, is 
irrelevant. Accordingly, there is no reason for the 
computing device of Chrysanthakopoulos to determine if 
destination information included in a received management 
command points to the management port - if the command 
is received on a non-management port, the command will 
be dropped regardless of its intended destination . 



II. Section 103 Rejection of Independent Claim 12 

A, Distinguishing features of claim 12 over the cited art 



the management port, determine if the data packet originated from a management virtual local area 
network (VLAN), wherein the management VLAN includes the management port; 

if the data packet did not originate from the management VLAN, 
determine if the data packet uses a management protocol; 

2. The Office Action asserts that these features are shown by Haviland at 
page 15, column 1. (Office Action: pg. 12). However, this section of 
Haviland merely states in general terms that a VLAN can be used to 
control access to management traffic. 

3. Applicants submit that the general notion of using a VLAN for 
management traffic does not teach or suggest the specific feature of 
determining if a data packet originated J;rom_ajmanagement VLAN that 
includes a management port if the destination IP address of the packet 
corresponds to the gateway IP address of _the_management port or the 
specific feature of determining if a data packet uses a management 
protocol if the data packet did not originate from the management VLAN . 



1. 



Claim 12 recites, in part: 



a control component configured to: 



if the destination IP address corresponds to the gateway IP address of 
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